1) Uruchom
OTL i w oknie
Własne opcje skanowania/Skrypt wklej to:
:Files
C:\Users\Szymon\wgsdgsdgdsgsd.dll
C:\Users\Szymon\Xwgsdgsdgdsgsd.dll
C:\ProgramData\Xdsgsdgdsgdsgw.pad
C:\ProgramData\Xdsgsdgdsgdsgw.js
:OTL
SRV - [2012-12-14 15:05:23 | 002,469,992 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid={B5D84972-EF4E-11E1-ADD5-50E5495AD96C}
IE - HKLM\..\URLSearchHook: {fa3da02f-8f1c-47bc-b462-51cfc5a12725} - C:\Program Files\WeLoveMusic\prxtbWeLo.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B5D84972-EF4E-11E1-ADD5-50E5495AD96C}
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=117242&tt=5112_7&babsrc=HP_ss&mntrId=0010dc3c00000000000050e5495ad96c
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=117242&tt=5112_7&babsrc=HP_ss&mntrId=0010dc3c00000000000050e5495ad96c
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\URLSearchHook: {fa3da02f-8f1c-47bc-b462-51cfc5a12725} - C:\Program Files\WeLoveMusic\prxtbWeLo.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=117242&tt=5112_7&babsrc=SP_ss&mntrId=0010dc3c00000000000050e5495ad96c
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B5D84972-EF4E-11E1-ADD5-50E5495AD96C}
IE - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\SearchScopes\{F3105995-F417-460E-801C-958DF0362700}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3158561
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=117242&tt=5112_7&babsrc=HP_ss&mntrId=0010dc3c00000000000050e5495ad96c"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012-12-18 14:13:56 | 000,000,000 | ---D | M]
[2012-08-26 08:22:04 | 000,003,998 | ---- | M] () -- C:\Users\Szymon\AppData\Roaming\mozilla\firefox\profiles\2eyroy6b.default\searchplugins\sweetim.xml
[2012-12-18 14:13:01 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (WeLoveMusic Toolbar) - {fa3da02f-8f1c-47bc-b462-51cfc5a12725} - C:\Program Files\WeLoveMusic\prxtbWeLo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (WeLoveMusic Toolbar) - {fa3da02f-8f1c-47bc-b462-51cfc5a12725} - C:\Program Files\WeLoveMusic\prxtbWeLo.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000\..\Toolbar\WebBrowser: (WeLoveMusic Toolbar) - {FA3DA02F-8F1C-47BC-B462-51CFC5A12725} - C:\Program Files\WeLoveMusic\prxtbWeLo.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Tutorials] C:\Program Files\TUTO4PC\tuto4pc_pl_1.exe ()
O4 - HKU\S-1-5-21-1081178902-2998496384-2607672579-1000..\Run: [] File not found
O20 - AppInit_DLLs: (c:\programdata\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2012-12-18 14:14:43 | 000,000,000 | ---D | C] -- C:\Users\Szymon\AppData\Local\supt4pc_pl_1
[2012-12-18 14:14:41 | 000,000,000 | ---D | C] -- C:\Users\Szymon\AppData\Local\tuto4pc_pl_1
[2012-12-18 14:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\TUTO4PC
[2012-12-18 14:14:10 | 000,000,000 | ---D | C] -- C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2012-12-18 14:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
:Commands
[emptytemp]
Kliknij w
Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom
OTL ponownie, tym razem kliknij
Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
2) Użyj >
Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim
Usuń Pokaż raport z niego C:\AdwCleaner[S1].txt
3) Do >
SystemLook wklej:
:regfind
wgsdgsdgdsgsd
Naciśnij
Look i pokaż raport.
.